Daily Ruleset Update Summary 2018/05/02

[***]            Summary:            [***]

4 new Open, 19 new Pro (4 + 15). ZeusPanda, Chthonic, MSIL/Celebi.A, Various Mobile, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2025553 - ET INFO Possible Rogue LoJack Asset Tracking Agent (info.rules)
2025554 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2018-05-02 (current_events.rules)
2025555 - ET CURRENT_EVENTS Netflix Phishing Landing 2018-05-02 (current_events.rules)
2025556 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-05-02 (current_events.rules)

Pro:

2830646 - ETPRO TROJAN Possible Zeus Panda SSL/TLS Certificate Observed (trojan.rules)
2830647 - ETPRO TROJAN SSL/TLS Certificate Observed (Ursnif) (trojan.rules)
2830648 - ETPRO MALWARE Win32/InstallCore set bit (malware.rules)
2830649 - ETPRO TROJAN ZeusPanda CnC Domain (bithetbuter .ru in TLS SNI) (trojan.rules)
2830650 - ETPRO TROJAN W32/Chthonic CnC DNS Lookup (trumplines .bit) (trojan.rules)
2830651 - ETPRO TROJAN W32/Chthonic CnC DNS Lookup (siteeu .bit) (trojan.rules)
2830652 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-05-02 (current_events.rules)
2830653 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-05-02 (current_events.rules)
2830654 - ETPRO MALWARE MSIL/Celebi.A Checkin (malware.rules)
2830655 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2018-05-02 (current_events.rules)
2830656 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-05-02 1) (trojan.rules)
2830657 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 321 (mobile_malware.rules)
2830658 - ETPRO CURRENT_EVENTS MalDoc Retrieving EXE Payload 2018-05-02 M2 (current_events.rules)
2830659 - ETPRO CURRENT_EVENTS Observed MalDoc User-Agent (TST-DC) (current_events.rules)
2830660 - ETPRO CURRENT_EVENTS Observed MalDoc User-Agent (V1Z7F) (current_events.rules)

[///]     Modified active rules:     [///]

2018635 - ET TROJAN Common Upatre Header Structure 2 (trojan.rules)
2810804 - ETPRO TROJAN Win32/Bancos.AMF CnC Beacon 13 (trojan.rules)
2816666 - ETPRO TROJAN Win32/TrojanDownloader.Banload.XAK Downloading PE (trojan.rules)
2830613 - ETPRO TROJAN W32/Chthonic CnC Activity (trojan.rules)

[---]  Disabled and modified rules:  [---]

2828199 - ETPRO TROJAN Possible Apple Phishing SNI (trojan.rules)

[---]         Removed rules:         [---]

2828859 - ETPRO CURRENT_EVENTS Possible GreenFlash SunDown EK Exploit (current_events.rules)

Date: Wednesday, May 2, 2018 - 00:00